1.\" Copyright (c) 1983, 1991, 1993 2.\" The Regents of the University of California. 3.\" Copyright (c) 2010-2011 The FreeBSD Foundation 4.\" All rights reserved. 5.\" 6.\" Portions of this documentation were written at the Centre for Advanced 7.\" Internet Architectures, Swinburne University of Technology, Melbourne, 8.\" Australia by David Hayes under sponsorship from the FreeBSD Foundation. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 35.\" $FreeBSD$ 36.\" 37.Dd July 23, 2020 38.Dt TCP 4 39.Os 40.Sh NAME 41.Nm tcp 42.Nd Internet Transmission Control Protocol 43.Sh SYNOPSIS 44.In sys/types.h 45.In sys/socket.h 46.In netinet/in.h 47.In netinet/tcp.h 48.Ft int 49.Fn socket AF_INET SOCK_STREAM 0 50.Sh DESCRIPTION 51The 52.Tn TCP 53protocol provides reliable, flow-controlled, two-way 54transmission of data. 55It is a byte-stream protocol used to 56support the 57.Dv SOCK_STREAM 58abstraction. 59.Tn TCP 60uses the standard 61Internet address format and, in addition, provides a per-host 62collection of 63.Dq "port addresses" . 64Thus, each address is composed 65of an Internet address specifying the host and network, 66with a specific 67.Tn TCP 68port on the host identifying the peer entity. 69.Pp 70Sockets utilizing the 71.Tn TCP 72protocol are either 73.Dq active 74or 75.Dq passive . 76Active sockets initiate connections to passive 77sockets. 78By default, 79.Tn TCP 80sockets are created active; to create a 81passive socket, the 82.Xr listen 2 83system call must be used 84after binding the socket with the 85.Xr bind 2 86system call. 87Only passive sockets may use the 88.Xr accept 2 89call to accept incoming connections. 90Only active sockets may use the 91.Xr connect 2 92call to initiate connections. 93.Pp 94Passive sockets may 95.Dq underspecify 96their location to match 97incoming connection requests from multiple networks. 98This technique, termed 99.Dq "wildcard addressing" , 100allows a single 101server to provide service to clients on multiple networks. 102To create a socket which listens on all networks, the Internet 103address 104.Dv INADDR_ANY 105must be bound. 106The 107.Tn TCP 108port may still be specified 109at this time; if the port is not specified, the system will assign one. 110Once a connection has been established, the socket's address is 111fixed by the peer entity's location. 112The address assigned to the 113socket is the address associated with the network interface 114through which packets are being transmitted and received. 115Normally, this address corresponds to the peer entity's network. 116.Pp 117.Tn TCP 118supports a number of socket options which can be set with 119.Xr setsockopt 2 120and tested with 121.Xr getsockopt 2 : 122.Bl -tag -width ".Dv TCP_FUNCTION_BLK" 123.It Dv TCP_INFO 124Information about a socket's underlying TCP session may be retrieved 125by passing the read-only option 126.Dv TCP_INFO 127to 128.Xr getsockopt 2 . 129It accepts a single argument: a pointer to an instance of 130.Vt "struct tcp_info" . 131.Pp 132This API is subject to change; consult the source to determine 133which fields are currently filled out by this option. 134.Fx 135specific additions include 136send window size, 137receive window size, 138and 139bandwidth-controlled window space. 140.It Dv TCP_CCALGOOPT 141Set or query congestion control algorithm specific parameters. 142See 143.Xr mod_cc 4 144for details. 145.It Dv TCP_CONGESTION 146Select or query the congestion control algorithm that TCP will use for the 147connection. 148See 149.Xr mod_cc 4 150for details. 151.It Dv TCP_FUNCTION_BLK 152Select or query the set of functions that TCP will use for this connection. 153This allows a user to select an alternate TCP stack. 154The alternate TCP stack must already be loaded in the kernel. 155To list the available TCP stacks, see 156.Va functions_available 157in the 158.Sx MIB Variables 159section further down. 160To list the default TCP stack, see 161.Va functions_default 162in the 163.Sx MIB Variables 164section. 165.It Dv TCP_KEEPINIT 166This 167.Xr setsockopt 2 168option accepts a per-socket timeout argument of 169.Vt "u_int" 170in seconds, for new, non-established 171.Tn TCP 172connections. 173For the global default in milliseconds see 174.Va keepinit 175in the 176.Sx MIB Variables 177section further down. 178.It Dv TCP_KEEPIDLE 179This 180.Xr setsockopt 2 181option accepts an argument of 182.Vt "u_int" 183for the amount of time, in seconds, that the connection must be idle 184before keepalive probes (if enabled) are sent for the connection of this 185socket. 186If set on a listening socket, the value is inherited by the newly created 187socket upon 188.Xr accept 2 . 189For the global default in milliseconds see 190.Va keepidle 191in the 192.Sx MIB Variables 193section further down. 194.It Dv TCP_KEEPINTVL 195This 196.Xr setsockopt 2 197option accepts an argument of 198.Vt "u_int" 199to set the per-socket interval, in seconds, between keepalive probes sent 200to a peer. 201If set on a listening socket, the value is inherited by the newly created 202socket upon 203.Xr accept 2 . 204For the global default in milliseconds see 205.Va keepintvl 206in the 207.Sx MIB Variables 208section further down. 209.It Dv TCP_KEEPCNT 210This 211.Xr setsockopt 2 212option accepts an argument of 213.Vt "u_int" 214and allows a per-socket tuning of the number of probes sent, with no response, 215before the connection will be dropped. 216If set on a listening socket, the value is inherited by the newly created 217socket upon 218.Xr accept 2 . 219For the global default see the 220.Va keepcnt 221in the 222.Sx MIB Variables 223section further down. 224.It Dv TCP_NODELAY 225Under most circumstances, 226.Tn TCP 227sends data when it is presented; 228when outstanding data has not yet been acknowledged, it gathers 229small amounts of output to be sent in a single packet once 230an acknowledgement is received. 231For a small number of clients, such as window systems 232that send a stream of mouse events which receive no replies, 233this packetization may cause significant delays. 234The boolean option 235.Dv TCP_NODELAY 236defeats this algorithm. 237.It Dv TCP_MAXSEG 238By default, a sender- and 239.No receiver- Ns Tn TCP 240will negotiate among themselves to determine the maximum segment size 241to be used for each connection. 242The 243.Dv TCP_MAXSEG 244option allows the user to determine the result of this negotiation, 245and to reduce it if desired. 246.It Dv TCP_NOOPT 247.Tn TCP 248usually sends a number of options in each packet, corresponding to 249various 250.Tn TCP 251extensions which are provided in this implementation. 252The boolean option 253.Dv TCP_NOOPT 254is provided to disable 255.Tn TCP 256option use on a per-connection basis. 257.It Dv TCP_NOPUSH 258By convention, the 259.No sender- Ns Tn TCP 260will set the 261.Dq push 262bit, and begin transmission immediately (if permitted) at the end of 263every user call to 264.Xr write 2 265or 266.Xr writev 2 . 267When this option is set to a non-zero value, 268.Tn TCP 269will delay sending any data at all until either the socket is closed, 270or the internal send buffer is filled. 271.It Dv TCP_MD5SIG 272This option enables the use of MD5 digests (also known as TCP-MD5) 273on writes to the specified socket. 274Outgoing traffic is digested; 275digests on incoming traffic are verified. 276When this option is enabled on a socket, all inbound and outgoing 277TCP segments must be signed with MD5 digests. 278.Pp 279One common use for this in a 280.Fx 281router deployment is to enable 282based routers to interwork with Cisco equipment at peering points. 283Support for this feature conforms to RFC 2385. 284.Pp 285In order for this option to function correctly, it is necessary for the 286administrator to add a tcp-md5 key entry to the system's security 287associations database (SADB) using the 288.Xr setkey 8 289utility. 290This entry can only be specified on a per-host basis at this time. 291.Pp 292If an SADB entry cannot be found for the destination, 293the system does not send any outgoing segments and drops any inbound segments. 294.It Dv TCP_STATS 295Manage collection of connection level statistics using the 296.Xr stats 3 297framework. 298.Pp 299Each dropped segment is taken into account in the TCP protocol statistics. 300.It Dv TCP_TXTLS_ENABLE 301Enable in-kernel Transport Layer Security (TLS) for data written to this 302socket. 303The 304.Vt struct tls_so_enable 305argument defines the encryption and authentication algorithms and keys 306used to encrypt the socket data as well as the maximum TLS record 307payload size. 308.Pp 309All data written to this socket will be encapsulated in TLS records 310and subsequently encrypted. 311By default all data written to this socket is treated as application data. 312Individual TLS records with a type other than application data 313(for example, handshake messages), 314may be transmitted by invoking 315.Xr sendmsg 2 316with a custom TLS record type set in a 317.Dv TLS_SET_RECORD_TYPE 318control message. 319The payload of this control message is a single byte holding the desired 320TLS record type. 321.Pp 322At present, only a single transmit key may be set on a socket. 323As such, users of this option must disable rekeying. 324.It Dv TCP_TXTLS_MODE 325The integer argument can be used to get or set the current TLS transmit mode 326of a socket. 327Setting the mode can only used to toggle between software and NIC TLS after 328TLS has been initially enabled via the 329.Dv TCP_TXTLS_ENABLE 330option. 331The available modes are: 332.Bl -tag -width "Dv TCP_TLS_MODE_IFNET" 333.It Dv TCP_TLS_MODE_NONE 334In-kernel TLS framing and encryption is not enabled for this socket. 335.It Dv TCP_TLS_MODE_SW 336TLS records are encrypted by the kernel prior to placing the data in the 337socket buffer. 338Typically this encryption is performed in software. 339.It Dv TCP_TLS_MODE_IFNET 340TLS records are encrypted by the network interface card (NIC). 341.It Dv TCP_TLS_MODE_TOE 342TLS records are encrypted by the NIC using a TCP offload engine (TOE). 343.El 344.It Dv TCP_RXTLS_ENABLE 345Enable in-kernel TLS for data read from this socket. 346The 347.Vt struct tls_so_enable 348argument defines the encryption and authentication algorithms and keys 349used to decrypt the socket data. 350.Pp 351Each received TLS record must be read from the socket using 352.Xr recvmsg 2 . 353Each received TLS record will contain a 354.Dv TLS_GET_RECORD 355control message along with the decrypted payload. 356The control message contains a 357.Vt struct tls_get_record 358which includes fields from the TLS record header. 359If an invalid or corrupted TLS record is received, 360recvmsg 2 361will fail with one of the following errors: 362.Bl -tag -width Er 363.It Bq Er EINVAL 364The version fields in a TLS record's header did not match the version required 365by the 366.Vt struct tls_so_enable 367structure used to enable in-kernel TLS. 368.It Bq Er EMSGSIZE 369A TLS record's length was either too small or too large. 370.It Bq Er EMSGSIZE 371The connection was closed after sending a truncated TLS record. 372.It Bq Er EBADMSG 373The TLS record failed to match the included authentication tag. 374.El 375.Pp 376At present, only a single receive key may be set on a socket. 377As such, users of this option must disable rekeying. 378.It Dv TCP_RXTLS_MODE 379The integer argument can be used to get the current TLS receive mode 380of a socket. 381The available modes are the same as for 382.Dv TCP_TXTLS_MODE . 383.El 384.Pp 385The option level for the 386.Xr setsockopt 2 387call is the protocol number for 388.Tn TCP , 389available from 390.Xr getprotobyname 3 , 391or 392.Dv IPPROTO_TCP . 393All options are declared in 394.In netinet/tcp.h . 395.Pp 396Options at the 397.Tn IP 398transport level may be used with 399.Tn TCP ; 400see 401.Xr ip 4 . 402Incoming connection requests that are source-routed are noted, 403and the reverse source route is used in responding. 404.Pp 405The default congestion control algorithm for 406.Tn TCP 407is 408.Xr cc_newreno 4 . 409Other congestion control algorithms can be made available using the 410.Xr mod_cc 4 411framework. 412.Ss MIB Variables 413The 414.Tn TCP 415protocol implements a number of variables in the 416.Va net.inet.tcp 417branch of the 418.Xr sysctl 3 419MIB. 420.Bl -tag -width ".Va TCPCTL_DO_RFC1323" 421.It Dv TCPCTL_DO_RFC1323 422.Pq Va rfc1323 423Implement the window scaling and timestamp options of RFC 1323 424(default is true). 425.It Dv TCPCTL_MSSDFLT 426.Pq Va mssdflt 427The default value used for the maximum segment size 428.Pq Dq MSS 429when no advice to the contrary is received from MSS negotiation. 430.It Dv TCPCTL_SENDSPACE 431.Pq Va sendspace 432Maximum 433.Tn TCP 434send window. 435.It Dv TCPCTL_RECVSPACE 436.Pq Va recvspace 437Maximum 438.Tn TCP 439receive window. 440.It Va log_in_vain 441Log any connection attempts to ports where there is not a socket 442accepting connections. 443The value of 1 limits the logging to 444.Tn SYN 445(connection establishment) packets only. 446That of 2 results in any 447.Tn TCP 448packets to closed ports being logged. 449Any value unlisted above disables the logging 450(default is 0, i.e., the logging is disabled). 451.It Va msl 452The Maximum Segment Lifetime, in milliseconds, for a packet. 453.It Va keepinit 454Timeout, in milliseconds, for new, non-established 455.Tn TCP 456connections. 457The default is 75000 msec. 458.It Va keepidle 459Amount of time, in milliseconds, that the connection must be idle 460before keepalive probes (if enabled) are sent. 461The default is 7200000 msec (2 hours). 462.It Va keepintvl 463The interval, in milliseconds, between keepalive probes sent to remote 464machines, when no response is received on a 465.Va keepidle 466probe. 467The default is 75000 msec. 468.It Va keepcnt 469Number of probes sent, with no response, before a connection 470is dropped. 471The default is 8 packets. 472.It Va always_keepalive 473Assume that 474.Dv SO_KEEPALIVE 475is set on all 476.Tn TCP 477connections, the kernel will 478periodically send a packet to the remote host to verify the connection 479is still up. 480.It Va icmp_may_rst 481Certain 482.Tn ICMP 483unreachable messages may abort connections in 484.Tn SYN-SENT 485state. 486.It Va do_tcpdrain 487Flush packets in the 488.Tn TCP 489reassembly queue if the system is low on mbufs. 490.It Va blackhole 491If enabled, disable sending of RST when a connection is attempted 492to a port where there is not a socket accepting connections. 493See 494.Xr blackhole 4 . 495.It Va delayed_ack 496Delay ACK to try and piggyback it onto a data packet. 497.It Va delacktime 498Maximum amount of time, in milliseconds, before a delayed ACK is sent. 499.It Va path_mtu_discovery 500Enable Path MTU Discovery. 501.It Va tcbhashsize 502Size of the 503.Tn TCP 504control-block hash table 505(read-only). 506This may be tuned using the kernel option 507.Dv TCBHASHSIZE 508or by setting 509.Va net.inet.tcp.tcbhashsize 510in the 511.Xr loader 8 . 512.It Va pcbcount 513Number of active process control blocks 514(read-only). 515.It Va syncookies 516Determines whether or not 517.Tn SYN 518cookies should be generated for outbound 519.Tn SYN-ACK 520packets. 521.Tn SYN 522cookies are a great help during 523.Tn SYN 524flood attacks, and are enabled by default. 525(See 526.Xr syncookies 4 . ) 527.It Va isn_reseed_interval 528The interval (in seconds) specifying how often the secret data used in 529RFC 1948 initial sequence number calculations should be reseeded. 530By default, this variable is set to zero, indicating that 531no reseeding will occur. 532Reseeding should not be necessary, and will break 533.Dv TIME_WAIT 534recycling for a few minutes. 535.It Va reass.cursegments 536The current total number of segments present in all reassembly queues. 537.It Va reass.maxsegments 538The maximum limit on the total number of segments across all reassembly 539queues. 540The limit can be adjusted as a tunable. 541.It Va reass.maxqueuelen 542The maximum number of segments allowed in each reassembly queue. 543By default, the system chooses a limit based on each TCP connection's 544receive buffer size and maximum segment size (MSS). 545The actual limit applied to a session's reassembly queue will be the lower of 546the system-calculated automatic limit and the user-specified 547.Va reass.maxqueuelen 548limit. 549.It Va rexmit_initial , rexmit_min , rexmit_slop 550Adjust the retransmit timer calculation for 551.Tn TCP . 552The slop is 553typically added to the raw calculation to take into account 554occasional variances that the 555.Tn SRTT 556(smoothed round-trip time) 557is unable to accommodate, while the minimum specifies an 558absolute minimum. 559While a number of 560.Tn TCP 561RFCs suggest a 1 562second minimum, these RFCs tend to focus on streaming behavior, 563and fail to deal with the fact that a 1 second minimum has severe 564detrimental effects over lossy interactive connections, such 565as a 802.11b wireless link, and over very fast but lossy 566connections for those cases not covered by the fast retransmit 567code. 568For this reason, we use 200ms of slop and a near-0 569minimum, which gives us an effective minimum of 200ms (similar to 570.Tn Linux ) . 571The initial value is used before an RTT measurement has been performed. 572.It Va initcwnd_segments 573Enable the ability to specify initial congestion window in number of segments. 574The default value is 10 as suggested by RFC 6928. 575Changing the value on fly would not affect connections using congestion window 576from the hostcache. 577Caution: 578This regulates the burst of packets allowed to be sent in the first RTT. 579The value should be relative to the link capacity. 580Start with small values for lower-capacity links. 581Large bursts can cause buffer overruns and packet drops if routers have small 582buffers or the link is experiencing congestion. 583.It Va newcwd 584Enable the New Congestion Window Validation mechanism as described in RFC 7661. 585This gently reduces the congestion window during periods, where TCP is 586application limited and the network bandwidth is not utilized completely. 587That prevents self-inflicted packet losses once the application starts to 588transmit data at a higher speed. 589.It Va rfc6675_pipe 590Calculate the bytes in flight using the algorithm described in RFC 6675, and 591is also a prerequisite to enable Proportional Rate Reduction. 592.It Va rfc3042 593Enable the Limited Transmit algorithm as described in RFC 3042. 594It helps avoid timeouts on lossy links and also when the congestion window 595is small, as happens on short transfers. 596.It Va rfc3390 597Enable support for RFC 3390, which allows for a variable-sized 598starting congestion window on new connections, depending on the 599maximum segment size. 600This helps throughput in general, but 601particularly affects short transfers and high-bandwidth large 602propagation-delay connections. 603.It Va sack.enable 604Enable support for RFC 2018, TCP Selective Acknowledgment option, 605which allows the receiver to inform the sender about all successfully 606arrived segments, allowing the sender to retransmit the missing segments 607only. 608.It Va sack.maxholes 609Maximum number of SACK holes per connection. 610Defaults to 128. 611.It Va sack.globalmaxholes 612Maximum number of SACK holes per system, across all connections. 613Defaults to 65536. 614.It Va maxtcptw 615When a TCP connection enters the 616.Dv TIME_WAIT 617state, its associated socket structure is freed, since it is of 618negligible size and use, and a new structure is allocated to contain a 619minimal amount of information necessary for sustaining a connection in 620this state, called the compressed TCP TIME_WAIT state. 621Since this structure is smaller than a socket structure, it can save 622a significant amount of system memory. 623The 624.Va net.inet.tcp.maxtcptw 625MIB variable controls the maximum number of these structures allocated. 626By default, it is initialized to 627.Va kern.ipc.maxsockets 628/ 5. 629.It Va nolocaltimewait 630Suppress creating of compressed TCP TIME_WAIT states for connections in 631which both endpoints are local. 632.It Va fast_finwait2_recycle 633Recycle 634.Tn TCP 635.Dv FIN_WAIT_2 636connections faster when the socket is marked as 637.Dv SBS_CANTRCVMORE 638(no user process has the socket open, data received on 639the socket cannot be read). 640The timeout used here is 641.Va finwait2_timeout . 642.It Va finwait2_timeout 643Timeout to use for fast recycling of 644.Tn TCP 645.Dv FIN_WAIT_2 646connections. 647Defaults to 60 seconds. 648.It Va ecn.enable 649Enable support for TCP Explicit Congestion Notification (ECN). 650ECN allows a TCP sender to reduce the transmission rate in order to 651avoid packet drops. 652Settings: 653.Bl -tag -compact 654.It 0 655Disable ECN. 656.It 1 657Allow incoming connections to request ECN. 658Outgoing connections will request ECN. 659.It 2 660Allow incoming connections to request ECN. 661Outgoing connections will not request ECN. 662.El 663.It Va ecn.maxretries 664Number of retries (SYN or SYN/ACK retransmits) before disabling ECN on a 665specific connection. 666This is needed to help with connection establishment 667when a broken firewall is in the network path. 668.It Va pmtud_blackhole_detection 669Enable automatic path MTU blackhole detection. 670In case of retransmits of MSS sized segments, 671the OS will lower the MSS to check if it's an MTU problem. 672If the current MSS is greater than the configured value to try 673.Po Va net.inet.tcp.pmtud_blackhole_mss 674and 675.Va net.inet.tcp.v6pmtud_blackhole_mss 676.Pc , 677it will be set to this value, otherwise, 678the MSS will be set to the default values 679.Po Va net.inet.tcp.mssdflt 680and 681.Va net.inet.tcp.v6mssdflt 682.Pc . 683Settings: 684.Bl -tag -compact 685.It 0 686Disable path MTU blackhole detection. 687.It 1 688Enable path MTU blackhole detection for IPv4 and IPv6. 689.It 2 690Enable path MTU blackhole detection only for IPv4. 691.It 3 692Enable path MTU blackhole detection only for IPv6. 693.El 694.It Va pmtud_blackhole_mss 695MSS to try for IPv4 if PMTU blackhole detection is turned on. 696.It Va v6pmtud_blackhole_mss 697MSS to try for IPv6 if PMTU blackhole detection is turned on. 698.It Va functions_available 699List of available TCP function blocks (TCP stacks). 700.It Va functions_default 701The default TCP function block (TCP stack). 702.It Va functions_inherit_listen_socket_stack 703Determines whether to inherit listen socket's tcp stack or use the current 704system default tcp stack, as defined by 705.Va functions_default . 706Default is true. 707.It Va insecure_rst 708Use criteria defined in RFC793 instead of RFC5961 for accepting RST segments. 709Default is false. 710.It Va insecure_syn 711Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments. 712Default is false. 713.It Va ts_offset_per_conn 714When initializing the TCP timestamps, use a per connection offset instead of a 715per host pair offset. 716Default is to use per connection offsets as recommended in RFC 7323. 717.It Va perconn_stats_enable 718Controls the default collection of statistics for all connections using the 719.Xr stats 3 720framework. 7210 disables, 1 enables, 2 enables random sampling across log id connection 722groups with all connections in a group receiving the same setting. 723.It Va perconn_stats_sample_rates 724A CSV list of template_spec=percent key-value pairs which controls the per 725template sampling rates when 726.Xr stats 3 727sampling is enabled. 728.El 729.Sh ERRORS 730A socket operation may fail with one of the following errors returned: 731.Bl -tag -width Er 732.It Bq Er EISCONN 733when trying to establish a connection on a socket which 734already has one; 735.It Bo Er ENOBUFS Bc or Bo Er ENOMEM Bc 736when the system runs out of memory for 737an internal data structure; 738.It Bq Er ETIMEDOUT 739when a connection was dropped 740due to excessive retransmissions; 741.It Bq Er ECONNRESET 742when the remote peer 743forces the connection to be closed; 744.It Bq Er ECONNREFUSED 745when the remote 746peer actively refuses connection establishment (usually because 747no process is listening to the port); 748.It Bq Er EADDRINUSE 749when an attempt 750is made to create a socket with a port which has already been 751allocated; 752.It Bq Er EADDRNOTAVAIL 753when an attempt is made to create a 754socket with a network address for which no network interface 755exists; 756.It Bq Er EAFNOSUPPORT 757when an attempt is made to bind or connect a socket to a multicast 758address. 759.It Bq Er EINVAL 760when trying to change TCP function blocks at an invalid point in the session; 761.It Bq Er ENOENT 762when trying to use a TCP function block that is not available; 763.El 764.Sh SEE ALSO 765.Xr getsockopt 2 , 766.Xr socket 2 , 767.Xr stats 3 , 768.Xr sysctl 3 , 769.Xr blackhole 4 , 770.Xr inet 4 , 771.Xr intro 4 , 772.Xr ip 4 , 773.Xr mod_cc 4 , 774.Xr siftr 4 , 775.Xr syncache 4 , 776.Xr setkey 8 , 777.Xr tcp_functions 9 778.Rs 779.%A "V. Jacobson" 780.%A "R. Braden" 781.%A "D. Borman" 782.%T "TCP Extensions for High Performance" 783.%O "RFC 1323" 784.Re 785.Rs 786.%A "A. Heffernan" 787.%T "Protection of BGP Sessions via the TCP MD5 Signature Option" 788.%O "RFC 2385" 789.Re 790.Rs 791.%A "K. Ramakrishnan" 792.%A "S. Floyd" 793.%A "D. Black" 794.%T "The Addition of Explicit Congestion Notification (ECN) to IP" 795.%O "RFC 3168" 796.Re 797.Sh HISTORY 798The 799.Tn TCP 800protocol appeared in 801.Bx 4.2 . 802The RFC 1323 extensions for window scaling and timestamps were added 803in 804.Bx 4.4 . 805The 806.Dv TCP_INFO 807option was introduced in 808.Tn Linux 2.6 809and is 810.Em subject to change . 811